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\pproach in Securing 


ty and Comprehensive Security for Cloud workloads and 


lanagement, Qualys, Inc. 


Agenda 


"Shift Left" Migration & 
Requirements 


Your responsibility in cloud security 
Customer Case Studies 


Qualys Security for hardening and 
standardizing workloads 


Qualys security for Infrastructure 
Use Cases & Demo 
Q&A 
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The Big Migration... in security, it is happening.. 
Continuous Secure Development and Deployment 


& 9 


DEVELOPERS 


8 SECURE 
(u | Ci 9 CI/CD 


OPERATIONS 


49 ` 
EN MONITO 
© | "R 
SECURITY 


SECURITY AT DEVELOPMENT 
Y Static Code Analysis 

Y Vulnerability Management 

Y Web Application Scanning 

Y Compliance Checks 


Y Configuration Assessments 


SECURITY AFTER DEPLOYMENT 


» Vulnerability Management 

» Compliance Checks 

» Configuration Assessments 
» Web Application Scanning 

» Web Application Firewalls 
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DevOps/DevSecOps Requirements... 


; A ^ e 


kubernetes 
a 5 e, e Jenkins > > > DevSecOps Engineer 
E l uppet 
E & Bamboo PUPP y Responsible for 


DEVELOPERS Frog لمعه اناه‎ ANSIBLE automating 


security checks 
| | and remediating 
viable security 
threats in 
development/ 


deployment 
practices 


AUTOMATION & ACTIONABLE DATA .... 
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The New IT - 
Hybrid, Multi-Cloud Deployment 


A Azure Google Cloud Platfor m 


S 


ON-PREMISE* PUBLIC CLOUD 


Shared Security Responsibility Model 


N d Lem, = 
XS f A 
١ D | 
A ) H | 
| We ١ ^ 


are responsible for securing 
your data and workloads 


Varies by layers 


© Qualys 


Securing Cloud Workloads 


Hardening and Standardizing 


VULNERABILITY 
MANAGEMENT 


e Vulnerability Management 
(Internal & Perimeter) 

* Threat Protection 

e Indicators of Compromise 

٠ Patch Management* 


POLICY COMPLIANCE 


* Policy Compliance (mel: 
Secure Configuration 
Assessments) 


* File Integrity Monitoring 


© 


APPLICATION 
SECURITY 


* Web Application Scanning 
(WebApps and REST APIs) 
* Web Application Firewall 


© Qualys 


Securing 


Public Clouds 
Using Qualys 


Customer Case Studies 


COX 


Moving towards a 


"Security as a Service" 


model with approved 
AMI marketplace 


A SOFTWARE 
a" 


MAKER © 


“Just in time” security 
approvals with end to 
End integration of 
Qualys Scan and Reports 
with Service Now, 


— m 


CapitalOne 


Reduced application 
releases from 2 weeks to 
24 hrs by automating 
security with Qualys in 
to DevOps 


: cue" aS" 


Enabling DevOps with 
automated agent 
deployment via Azure 
Security Center 
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CapitalOne 
Before: Lack of Security Automation 


Delays Release 


en LLI == 
Machine ij .<==—=== لج‎ Vulnerability 
48 HOURS 
S 


Two weeks until the Image (AMD is certified for production 
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Capital One 


Introducing Security at the Source Bake 
Qualys Security into Gold Images and AMI 


OS GOLD IMAGE 
QUALYS ASSESS APPROVE and 
and ON DEV E HARDENDED D PUBLISH 


“HUE LENE INSTANCES CI/CD PIPELINE 
Qualys 
Agent 
© 
I 
i 
1 
LLU 
O0 
Public هكرب كل‎ 
Bake 


Approved 
Gold Image 
and AMI 


UU 
Lr 


Custom 


Live Instances 


Bakery process happens within 24 Hrs 
© Qualys 


"Security as Service" 


Integration between Service Now and Qualys 


Challenge 


* Moved almost all datacenters to AWS 


* Keeping up with security "Just in Time" projects with multiple teams 
submitting requests for spinning up infrastructure 


Requirement 
* Automate Vulnerability Mgmt. from Connectors, Scans, and to Results 
* Integrate into Service Now for end to end invocation 


Solution 


= 
m^ 
M 


USERS 


Invoke Scan 
process 


Create Scan results © 
Ticket With link to s3 
bucket | | | 
I servi | 
servicenow. b 


Close Y 
Ticket جح له‎ 
Incl. eh 


Vuln. reports d 
Qualys کے‎ 
Pre-Authorized 
Scanner Appliances 


aws 
—F 


AWS VPC 


ee 


Company Profile 
Makes software for architecture, 
Engg., construction and Media 


INDUSTRY: Software, Media, 
Manufacturing 


REGION: USA 


CLOUD: 
Primary Cloud - AWS 
Secondary Cloud- Azure 


DEPLOYMENT REGION: 
US East, West 


SERVICES USED: 
EG2LSS RDS, EMR, EBS, 
Containers 


QUALYS USAGE: 
VM, AV, Scanners 


© Qualys 


A Beverage MNC Company 


a 


Qualys Automation within Azure Security Center 


Fast growing deployment in Azure 
( added 10K instances in 6 months) 


Problem? 


Ops wants to simplify the process of 
security tools rollout 


Security wants to participate into 
DevOps 


Solution 


Utilizing Qualys integration with 
Azure Security Center 


Utilize ASC automation to bake 
agents into test subscription and 
review reports with ASC 


vulnerabilities (by Qualys) D ( ZS © @ Ron Nan AYE dëi 


DEVPASSPORTQUALYS (DEFA... 


Remediate vulnerabilities (by Qualys) EX 


PREVIEW 


Y Filter 


VULNERABILITY NAME 5 VENDOR ^ AFFECT... ^ STATE SCH SEVERITY ^ 


© recent 


© op Services Enabled DCOM Qualys harivm2 Open © High 


D virtusi machines (classic) Allowed Null Session Qualys harivm2 Open A Medium 


M Virtual machines 


Qualys harivm2 Open A Medium 


Enabled Cached Logon Cre... 


LE databases 


A Medium 


Machine Information Discl... Qualys harivm2 Open 


iss] 


Qualys harivm2 Open A Medium 


7 Microsoft Windows Explore... 


Windows Explorer Autopla... Qualys harivm2 Open A Medium 


Access to File Share is Enab... Qualys harivm2 Open © Low 


ActiveX Controls Enumerated Qualys harivm2 Open © Low 


Antivirus Product Not Dete... Qualys harivm2 Open @ Low 


Qualys harivm2 Open © Low 


Disabled Clear Page File 


Enabled Caching of Dial-up... Qualys harivm2 Open © Low 


Qualys harivm2 Open © Low 


Enabled Display Last Usern... 


File Access Permissions for... Qualys harivm2 Open © Low 


File Access Permissions for... Qualys harivm2 Open © Low 


Host Scan Time Qualys harivm2 Open © Low 


Qualys harivm2 Open © Low 


Hyper-V Host Information ... 


Installed Applications ...نامع‎ Qualys harivm2 Open © Low 
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Internet Protocol version 6... Qualys harivm2 Open © Low 


Cloud 
Perimeter Scan 


Launch DNS based scans on 
public instances auto selected 
from your account via 
connectors 


Add Elastic Load Balancer DNS 


Generate results with external 
only remote check vulnerabilities 


Vulnerability Management v 


Dashboard 


e Scans 


v 


Scans Reports Remediation 


Maps Schedules 


New v | | Search | Filters w |< My Scans | 


Scans 


Auto selects 


Scan Public 
| EC2 Scan Instances. 
Schedule Scan 
— 3 Add Load 
Host > 


Launch Cloud Perimeter Scan 


Step 3 of 6 


o Scan Details 


e Target Connector 


Target Hosts 


Filter by Specific Tags 


Include hosts that have Any |x ofthe tags below 


e Target Hosts (Optional) 


Continue 
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Azure E يم‎ NNNM 
onnector = — 
in Asset View - 


Turn help tips 1| Off Launchhelp 4 


Step 1 of 4 Connector Details 


i ame* (" REQUIRED FIELDS 
o Connector Details A Name RED FIELD 
[example: My Connector 


n Selection This field is required 


Description 


Set up authentication details 
Create an application in active directory and provide reader role access to the subscription 


Application ID 


Directory ID 


Authentication Key 


Subscription ID 


© Qualys. 


Azure Scan Flow 


Launch Cloud Scan 


Step 3 of 6 Target 


(1) Cloud Platform 
(2) Scan Details 
eo Target 


4 Scanner Appliance 
5 Schedule & Notification 


5 Review and Launch 


Launch Cloud Scans 
on Azure Internal 
(Private) and 
External 

(Public )Virtual 
Machines Scanner 


Launch by Virtual 
Machine ID and NOT 
by IP 


Report by Virtual 
Machine IDs 


9 Qualys 


Securing Azure Stack using Qualys 
Qualys is the only distributor of Infra's VM,PC reports 
Y Vulnerability and Compliance 


J , E o d 
Reports available from MSFT 


Infrastructure Azure Stack 


© 


Y Qualys Security Solution 
suite - VM, PC, AppSec,.. 


Y Network Scan using Qualys 
Vulnerability Management 


Häff 


Azure Stack 


Register © httos://www.qualys. com/azure-stack/ 
November 16, 2018 9 Qualys. 


Cloud Workload Security with Qualys 


© Search 


laaS 
0200 
0000 
cooo 
PaaS* e 


* PaaS - Cloud Database Scanning - Roadmap 1H ‘19 
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Integrating within the process and response 
pipeline with Partners 


boue us eom >! illumio 
pere 7 puppet 
Keeping track of assets (CMDB) servicenow 
کک‎ data into SIEM for splunk> 


© Qualys 


Cloud Integrations 


Azu re Secu rity Center (V M J = Google Cloud Platform 
= P TO e Uu 61 | O n e Security Command Center 


DASHBOARD 


e Assets 
e 


Google Security Command Center - 
Beta in December 2018 


Other Integrations 


IBM Security Center 
- Dec2018/Jan 2019 


Alibaba Security Center 
- Q1/Q2 2019 


FINDINGS 
Findings 
Finding Summary Qualys 
20 current findings 13 current findings 
Finding source Findings. Severity Level Count Asset Count 
Severity y5 
Qualys 
Severity 4 
Echo: e 
Severi ity3 
rce 
Severity 2 
VIEW ALL FINDINGS = = = Seet ty 
Echo Si Qualys findings summary 
5 current findings 
inding type g: 
inding A 
Finding B 
Finding c Foxtrot S 
Findin gD 


There are currently no findings. 
Learn More 


VIEW ALL FINDINGS 
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Qualys Cloud 
Apps in AWS 
Marketplace 


Vulnerability Mgmt., 
Policy Compliance, 
Web Application Scanning 


Soon.. 

Web Application Firewall 
Cloud Security Assessment 
Container Security 

File Integrity Monitoring 
Indication of Compromise 


= CT aws marketplace 


and elastic clouds. Founded in 1999 as 
one of the first SaaS security companies, 
Qualys has established strategic © 
partnerships with leading managed 
service providers and consulting 
organizations including Accenture, BT, 
Cognizant Technology Solutions, 
Deutsche Telekom, Fujitsu, HCL 
Technologies, HP Enterprise, IBM, Infosys, 
NTT, Optiv, SecureWorks, Tata 
Communications, Verizon and Wipro. The 
company is also a founding member of Qualys 
the Cloud Security Alliance. For more 


information, please visit www.qualys.co 


9 لس 
NEW LISTINGS Qualys.‏ 


showing 1 - 5 


W AWS Marketplace on Twitter [© AWS Marketplace Blog 


Sign in 


Qualys Virtual Firewall Appliance HVM 


zé (0) | Version Qualys-WAF-AWS-1.4.0 | Sold by Qualys, Inc. 


The Qualys Web Application Firewall Virtual Appliance 
extends the reach of the Qualys Cloud Platform's integrated 
suite of security and compliance SaaS applications into the... 


Linux/Unix, CentOS 6.9 - 64-bit Amazon Machine Image (AMI) 


Qualys Vulnerability Management (US Only) 


zeng (0) | Version 1 | Sold by Qualys, Inc. 


Get access to the industry's most advanced, scalable, and 
extensible solution for vulnerability management. Qualys VM 
continuously scans and identifies vulnerabilities, protecting... 


Qualys Policy Compliance (US Only) 


zim (0) | Version 1 | Sold by Qualys, Inc. 


Qualys Policy Compliance (PC) is a cloud service that 
performs automated security configuration assessments on 
your IT systems. It helps you to reduce risk and continuously... 


A RSS Feed 
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Cloud Infrastructure 


Australian Insurance Company 


Visibility of deployments stop misuse 


of keys 


AWS sent a notice of compromised keys 
À attempting to create multiple accounts in EU 


Use Case 
Identify the S3 buckets which have the keys stored 
are opened up to public 


Requirement 

٠ Identify where the deployments are located 

٠ Identify S3 buckets that are public and fix it 

* Ensure best practices are followed by IAM users of 
the account 


Company Profile 
Largest provider of Auto ~ 
and Agriculture insurance 


INDUSTRY: Insurance 


REGION: Australia 


CLOUD: 
Primary Cloud - AWS 
Secondary Cloud- Azure 


DEPLOYMENT REGION: 
Australia 


SERVICES USED: 
EC2, S5, RDS, EMR, Cloud 
Front 
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We need to secure against... 


Misconfigurations 


Malicious behavior mA , e 
Non-standard deployments dr Bac Administrative 
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Qualys Cloud 
Inventory and 


security 

CI 
Assessments B 
Unparalleled Visibility and cud 
Continuous Security Monitoring Inventory 


across public cloud infrastructure 


aws 
~~) 


Google Cloud Platform 


Cloud 
Security 
Assessment 


Use Case #1 
Visibility into 
your public clouds 


View into 
* Resource Distribution by Type 
* Resources by Region 


Personalize and add custom widgets 


CloudView TRIAL 


DASHBOARD 


RESOURCES 


MONITOR POLICIES CONFIGURATION 


AWS Dashboard v 


Last 30 Days Y 


RESOURCE DISTRIBUTION BY TYPE 


ute Load 


e  Balanc 


instance 


SECURITY POSTURE BY REGIONS 
e € Ke 
7 
. 


TOP 5 ACCOUNTS BY FAILED CONTROLS 


383031258652 


Bucket 


2] 


en 
EE) 


FAILURES BY CONTROL CRITICALITY 


Total Failures 


348 


@ HIGH 226 
@ MEDIUM 122 
VPC Subnet IAM Network Qa 
User ACL 


All Regions 


Total Resources 
402 Ti [l Lu 
Inter... Rout. 


out. Secu. Instance VPC 


Total Failures 


348 entm ( 
B MED : 122 


TOP 5 FAILED CONTROLS 


Ensure IAM policies are attached only to groups or rol: 


criticality [EN 


Ensure access key1 is rotated every 90 days or less 


criticality RSR 


Ensure no security groups allow ingress from 0.0.0.0/1 
Criticality 


Ensure the default security group of every VPC restrict 


criticality 


Use Case #2 
© Qualys. Enterprise 


o 
I | = r tl L eak CloudView DASHBOARD RESOURCES MONITOR POLICIES CONFIGURATION 
"m DNI VA eB Se مد تلوحت‎ List View 


Misconfigured SS Buckets are 
vulnerable for data leaks 


| X resource.type:"S3 Bucket" and s3.isPubliclyAccessible:true 


X service.type:"S3" 


EVALUATIONS SECURITY POSTURE FAILURES BY CRITICALITY 


312 169 143 143 


MN 


Total Evaluations Pass Fail High Medium 
1-4of 4 
45 S3 Bucket Access Control List Grant Access to Everyone or Authenticate.. BUGIN S3 62 
De IIS SOS Regu larly Policy : AWS Best Practices Policy erem 
| 46 Ensure S3 Bucket Policy does not allows anonymous access WER S3 64 
: a Policy : AWS Best Practices Policy — 
e Review Access Control List pus 
e 47 Ensure access logging is enabled for S3 buckets S3 19 
e m h ec k B LI © ket P 0 | | Cy Policy : AWS Best Practices Policy TE 
48 Ensure versioning is enabled for S3 buckets S3 24 
Policy : AWS Best Practices Policy وعد‎ 
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Use Gase #3 


8 Detect 
Compromised 
IAM Users 


Check for: 


* Configure Strong Password Policy for 
Account 


Enforce MFA for Console Users 
* Rotate IAM Access Keys Every 90 Days 
* Removed Unnecessary Credentials 


Audit Process 


* Create separate user for console & API 
access ( Segregation of duty) 


* [rack password age 
* Deactivate unused keys 


CloudView 


Amazon Web Services v 


DASHBOARD RESOURCES MONITOR 


POLICIES CONFIGURATION 


Hari Srinivasan ( 


service.type:"IAM" 


21 


Total Controls Evaluated 


Total 

CONTROL RESULT 
FAIL 20 
PASS 1 

1 
ACCOUNT | 
383031258652 21 
457721770691 20 2 
344440683180 9 
CONTROL CRITICALITY 3 
HIGH 18 
MEDIUM 3 | " 


EVALUATIONS 


661 


SECURITY POSTURE 


251 


Pass 


410 


Fail 


Evaluations 


Ensure multi-factor authentication (MFA) is enabled for all IAM users that... 
Policy : CIS Amazon Web Services Foundations Benchmark 


Ensure console credentials unused for 90 days or greater are disabled 
Policy : CIS Amazon Web Services Foundations Benchmark 


Ensure access keys unused for 90 days or greater are disabled 
Policy : CIS Amazon Web Services Foundations Benchmark 


Ensure access key1 is rotated every 90 days or less 
Xm e = mark 


FAILURES BY CRITICALITY 


256 


High 


154 


Medium 


1-210f 21 
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Australian Insurance Company 


Visibility of deployments stop misuse 
of keys 00 


AWS sent a notice of compromised keys Largest provider of Auto * 
: R : and Agriculture insurance 
À attempting to create multiple accounts in EU 
INDUSTRY: Insurance 


Use Case 
Identify the S5 buckets which have the keys stored are opened up to public 


REGION: Australia 


Requirement CLOUD: 
* |dentify where the deployments are located Primary Cloud - AWS 
٠ |dentify S5 buckets that are public and fix it Secondary Cloud- Azure 


* Ensure best practices are followed by IAM users of the account 
DEPLOYMENT REGION: 

Solution Australia 

With Qualys Cloud Inventory and Assessment 

Y Gain visibility into the global deployments 

Y |dentify S3 buckets that are public and required fixing 

Y |dentify the IAM users and their security posture 


SERVICES USED: 
EC2, S5, RDS, EMR, Cloud 
Front 
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Visibility - Get started with a 


FREE service 


CloudView 
A FREE inventory and monitoring 
service for your public clouds 


Cloud Inventory 


Cloud Security Assessment 


Whatis my public cloud usage? 
What is my security posture? 
Do | have any publicly accessible security accounts? 
Are my security groups opening unauthorized access to internet? 


Use Case#4 
Misconfigured 


Security 
Groups 


Security groups with default 
rule, allowing access on port 
22258 


With Qualys Vulnerability 
Mgmt. - Identify Security 
Groups exposing Vulnerable 
instances 


service. type: "VPC" 


EVALUATIONS SECURITY POSTURE FAILURES BY CRITICALITY 
Total Evaluations Pass Fail High Medium Low 
1-40f 4 
SURIT 
41 Ensure no security groups allow ingress from 0.0.0.0/0 to port 22 VPC 162 83 


List View 


resource. type: "Instance" and securitygroup.inboundRule.fromPort:22 and securitygroup.inbo 


Ens 4 
Polic ule.ipv4Range:0.0.0.0/0 and (not instance.publicIpAddress is null) 
x ac 
OC 
ب‎ "e M 
LE EE E GE 
WT We, en, el 
— 18th Oct 29th Oct 30th Oct 5th Nov 7th Nov 
*] Resource Summary 
i-053a4ff0c8841c8de 457721770691 N. Virginia t2.micro Running 
lambda test 
i-0c84632aeb811f045 457721770691 Ohio t2.micro Running 
WinApp. 1 
i-0fd488181b8329f15 457721770691 Ohio t2.micro Running 


IT App. internal. 1 


Qualys Cloud Inventory 


and Security Assessment 
Key Capability 


Visibility into your 


Continuous security 
public clouds 


monitoring 
Get topographic view 
of your cloud 
inventory 


CAWS, Azure, GCP) 


Monitor against 
security standards. 
Identify threats from 
misconfigurations 
CAWS, Azure) 


4 


7 


Actionable Insight & 
threat prioritization 


Prioritize by 
understanding 
association with 
exposures linked to 
vulnerable instances, 
network placement. 
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Threat Analysis 
Correlating Vulnerability data to provide risk insights 


Use Cases 

Security Groups allowing 
access on the same ports 
where network vulnerabilities 
have been identified 


Vulnerable EC2 Instances 
with Instance profiles 
accessing S3 buckets 


Coming Dec. 2018 
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< Resource Details: sg-5c324e25 


Threat Details 


PORTS WITH TREATS IMPACTED RESOURCES 


Rules 
"ek "em OPEN PORT VULNERABILITIES 
Tags 

20 Ports Resources 


Controls Evaluated 


Actions v | | Show Issues by: Ports 
RULES 
PORT TYPE PROTOCOL PORT RANGE SOURCE PORT WITH THREATS IMPACTED INSTANCES  VULERABILITES 
80 Custom TCP 0-100 0.0.0.0/0 9 2 2 
8080 Custom TCP 8080 0.0.0.0/0 9 2 2 
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Remediation 


Automate in real time actions to protect against risks 


Make the object private, 
where necessary 


| AWS Lambda 


User S3 


D a > مم‎ 
bod PutObject Deliver event when 


PutObjectAcl the rule matches 


Lambda function that Integration into Qualys 
reads the state of the S5 Cloud View (Coming in 
bucket, updates to make Q12019) 


bucket and its object 
* Collect evaluation results 


private. 
* Execute update 
permissions 
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Coming 
Jan'19 


Cloud Infrastructure Reports 


© Qualys. Enterprise 
Generate reports for CIS 
CloudView DASHBOARD RESOURCES MONITOR REPORTS CONFIGURATIONS Dave Jones (qyays. dj) 


Benchmarks, mandates — 
like PCI, HIPAA, SENG 
ILO2 700r NIST 200-53: | 


" KC Actions v 
Configure for specific do 


REPORT TITLE 
PCI Report for MyAWS Storefront 


a C e © U n 1 5 J a n d re g | O n S PCI Report for MyAWS Quick Actic Report Info 


Created date: 05/23/2018 at 00:09:52 Company: Qualys 
Run NOW ` created by: Hari Srinivasan Address: 501 The Metropolitan 
User name: quays qd Wakdewadi 
CIS Report for myaws Role! Manager Pune, Mehashtra 414008 


Edit 


Schedule reports for BS RE 
daily, weekly or monthly a GE 


Template: Payment Card Industry Data Security Standard (PCI - DSS) V3.2 

Report Summary 
Mandates: Requirements: PCI - DSS 
1 12 96.6% 
Connector Name: Account ID: Controls: Total Evaluations: Policies: 
MyAWS Storefront (383031258652) 44 294 1 

D 
Coming Jan. 2019 Sg 
Requirement Posture 


Requirement Posture for Payment Card Industry Data Security Standard (PCI - DSS) v3.2 


swords and other security parameters 


Coming 
Dec'18 


Azure CIS 1.0.0 Benchmark Controls 


Raghav Kulkarni (quays. rk) 


40 h CloudView 7” DASHBOARD RESOURCES MONITOR POLICIES CONFIGURATION 
x checks 


Microsoft Azure v 


Azure Assets Evaluated 


Q Search... Last90Days Y% = 


3 1 EVALUATIONS 


^ A Z ا‎ re V | Ft Uu a | M a 6 6 | N 6 5 SECURITY POSTURE FAILURES BY CRITICALITY 
Š Total Controls Evaluated 
- Azure Virtual Networks GELS Us el E e 
. Azure Blob Storage ETEK (aen | 


. ZI re N etWo rk Secu rity Lee i 00 ONTROL NAME CRITICALITY SERVICE SECURITY POSTURE 


Q rou D S SERVICES 50001 Ensure that ‘Data encryption’ is set to ON for a SQL database SQL Servers 2 7 
Policy : CIS Microsoft Azure Foundations Benchmark Total Resources: 9 
Security Center 19 
° A Zure 5 © L D ata b ases SQL Servers 5 50002 ` Ensure no SQL Servers allow ingress from Internet (ANY IP) SQL Servers 1 4 
Storage Account 2 Policy : CIS Microsoft Azure Foundations Benchmark eege 
5 Virtual Machines 2 لح يد‎ 
5 A Z U If e S e 6 U r | B y © 8 n io e f Monitor 1 50003 Ensure that 'Adaptive Application Controls' is set to On Security Center 1 
2 more Policy : CIS Microsoft Azure Foundations Benchmark repre صصح سميج‎ 
S Total Resources: 1 
. Storage A t 
O r a S 6 C © u N S 50004 Ensure that 'Automatic provisioning of monitoring agent is set to On Security Center 1 
o : : Policy : CIS Microsoft Azure Foundations Benchmark tal ا‎ 
- Logging & Monitoring 
E 50005 Ensure that 'System updates' is set to On Security Center 1 
S 6 rV | 6 6 5 Policy : CIS Microsoft Azure Foundations Benchmark usps 
otal Resources: 1 
50006 Ensure that 'Security Configurations’ is set to On Security Center d 
Policy : CIS Microsoft Azure Foundations Benchmark TÎ RSS 
50007 Ensure that 'Endpoint protection' is set to On Security Center 1 


Coming Dec. 2018 


Policy : CIS Microsoft Azure Foundations Benchmark 


پڪ 
Total Resources: 1‏ 
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Qualys Cloud Security - 
Comprehensive Coverage 


© 


DEEG 
GË 
ed (s) (9) م‎ (9 


Azure O i ORACLE SOFTLAYZR‏ 4 ولاق 
wees] Google Cloud Platfori m CJ Alibaba Cloud T— um — an IBM Company‏ 


© Qualys 
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Customer Sessions - Thursday 


10:00 — 10:35 AM 


2:50 — 3:25 PM 


D à Using Real-time visibility to unify 
.experian. security event response 


— | Security Best practices enable a 


Capital e DevOps data transformation in 
a the cloud 
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Thank You 


Hari Srinivasan 
hsrinivasan(aqualys.com 


The Big Migration... in security , it is happening.. 


Secure Development and Deployment 


a 


DEVELOPERS E T 


> Vulnerability Management 
> Compliance Checks 

> Configuration Assessments 
> Web Application Scanning 


v 

v 

Y Web Application Scanning » Web Application Firewalls 
tinuous Secure Development and Deployment 

Y Compliance Checks Secure CI/CD 

34 


Configuration Assessments 


Static Code Analysis 


Vulnerability Management 


<0 


a : 
IS) Oe be 


DevSecOps 
Secure Development and Deployments 
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